Vulnerability-Lookup

CVE-2019-18802 (GCVE-0-2019-18802)

Vulnerability from cvelistv5 – Published: 2019-12-13 12:21 – Updated: 2024-08-05 02:02

Summary

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2019-18802

Vulnerability from fkie_nvd - Published: 2019-12-13 13:15 - Updated: 2024-11-21 04:33

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
cve@mitre.org	https://blog.envoyproxy.io	Product
cve@mitre.org	https://github.com/envoyproxy/envoy/commits/master	Patch
cve@mitre.org	https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4	Exploit, Third Party Advisory
cve@mitre.org	https://groups.google.com/forum/#%21forum/envoy-users
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
af854a3a-2127-422b-91ae-364da2661108	https://blog.envoyproxy.io	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/envoyproxy/envoy/commits/master	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/forum/#%21forum/envoy-users

Impacted products

	Vendor	Product	Version
	envoyproxy	envoy	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FE9447-DDAB-42A3-827A-DAB57328D902",
              "versionEndIncluding": "1.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.12.0. Un cliente remoto no confiable puede enviar un encabezado HTTP (como Host) con espacios en blanco despu\u00e9s del contenido del encabezado. Envoy tratar\u00e1 el \"header-value \" como una cadena diferente del \"header-value\", de modo que, por ejemplo, con el encabezado Host \"example.com \" se podr\u00edan omitir los comparadores de \"example.com\"."
    }
  ],
  "id": "CVE-2019-18802",
  "lastModified": "2024-11-21T04:33:35.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-13T13:15:11.383",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://blog.envoyproxy.io"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/envoyproxy/envoy/commits/master"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://groups.google.com/forum/#%21forum/envoy-users"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://blog.envoyproxy.io"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/envoyproxy/envoy/commits/master"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21forum/envoy-users"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-01020

Vulnerability from cnvd - Published: 2020-01-08

Title

Envoy缓冲区溢出漏洞（CNVD-2020-01020）

Description

Envoy是一款开源的分布式代理服务器。 Envoy 1.12.0版本中存在缓冲区溢出漏洞，攻击者可利用该漏洞绕过路由匹配并在系统上提升权限或获取敏感信息。

Severity

高

Patch Name

Envoy缓冲区溢出漏洞（CNVD-2020-01020）的补丁

Patch Description

Envoy是一款开源的分布式代理服务器。 Envoy 1.12.0版本中存在缓冲区溢出漏洞，攻击者可利用该漏洞绕过路由匹配并在系统上提升权限或获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://istio.io/news/security/istio-security-2019-007/

Reference

https://access.redhat.com/security/cve/cve-2019-18802 https://nvd.nist.gov/vuln/detail/CVE-2019-18802

Impacted products

Name
Envoy Envoy 1.12.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18802"
    }
  },
  "description": "Envoy\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u4ee3\u7406\u670d\u52a1\u5668\u3002\n\nEnvoy 1.12.0\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8def\u7531\u5339\u914d\u5e76\u5728\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\u6216\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://istio.io/news/security/istio-security-2019-007/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-01020",
  "openTime": "2020-01-08",
  "patchDescription": "Envoy\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u4ee3\u7406\u670d\u52a1\u5668\u3002\r\n\r\nEnvoy 1.12.0\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8def\u7531\u5339\u914d\u5e76\u5728\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\u6216\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Envoy\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-01020\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Envoy Envoy 1.12.0"
  },
  "referenceLink": "https://access.redhat.com/security/cve/cve-2019-18802\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18802",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-11",
  "title": "Envoy\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-01020\uff09"
}

GHSA-FX83-72PW-C56F

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-04 02:43

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-18802"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-13T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers.",
  "id": "GHSA-fx83-72pw-c56f",
  "modified": "2024-04-04T02:43:29Z",
  "published": "2022-05-24T17:03:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18802"
    },
    {
      "type": "WEB",
      "url": "https://blog.envoyproxy.io"
    },
    {
      "type": "WEB",
      "url": "https://github.com/envoyproxy/envoy/commits/master"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!forum/envoy-users"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21forum/envoy-users"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-18802

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-18802

Aliases

CVE-2019-18802

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-18802",
    "description": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers.",
    "id": "GSD-2019-18802",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-18802.html",
      "https://access.redhat.com/errata/RHSA-2019:4222",
      "https://advisories.mageia.org/CVE-2019-18802.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-18802"
      ],
      "details": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers.",
      "id": "GSD-2019-18802",
      "modified": "2023-12-13T01:23:50.502058Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-18802",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/envoyproxy/envoy/commits/master",
            "refsource": "MISC",
            "url": "https://github.com/envoyproxy/envoy/commits/master"
          },
          {
            "name": "https://groups.google.com/forum/#!forum/envoy-users",
            "refsource": "MISC",
            "url": "https://groups.google.com/forum/#!forum/envoy-users"
          },
          {
            "name": "https://blog.envoyproxy.io",
            "refsource": "MISC",
            "url": "https://blog.envoyproxy.io"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
            "refsource": "MISC",
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
          },
          {
            "name": "openSUSE-SU-2020:0379",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18802"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/envoyproxy/envoy/commits/master",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/envoyproxy/envoy/commits/master"
            },
            {
              "name": "https://blog.envoyproxy.io",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "https://blog.envoyproxy.io"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
            },
            {
              "name": "https://groups.google.com/forum/#!forum/envoy-users",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!forum/envoy-users"
            },
            {
              "name": "openSUSE-SU-2020:0379",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-13T13:15Z"
    }
  }
}

CERTFR-2019-AVI-633

Vulnerability from certfr_avis - Published: 2019-12-13 - Updated: 2019-12-13

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat	N/A	Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL 7.6 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat	N/A	Red Hat OpenShift Service Mesh 1.0 for RHEL 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat	N/A	Red Hat OpenShift Service Mesh 1.0 for RHEL 7 x86_64

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-18802 (GCVE-0-2019-18802)

FKIE_CVE-2019-18802

CNVD-2020-01020

GHSA-FX83-72PW-C56F

GSD-2019-18802

CERTFR-2019-AVI-633

Solution

Tags

Sightings

Nomenclature